IoT Security

Brief iconSolution Brief:  Bringing Trust to the IoT PKI iconUse Case: Secure Production Programming (with Microsemi)
Blog iconArticle: Samsung Protects Connected
         Devices With Thales

Whitepaper: Securing Your PKI

Challenge: Securing the IoT

Organizations have only just begun discovering and benefiting from the opportunities provided by the Internet of Things.

The ability to distribute connected devices across geographies offers valuable functionality and creates both new revenue streams and cost savings. Consider a few examples:

    • Consumer electronics companies can offer customers remote firmware updates to increase customer satisfaction and generate additional revenue
    • Agricultural companies can actively collect and analyze soil data gathered by farming equipment and make real-time operational decisions to optimize crop yields;
    • Field support teams can remotely monitor equipment, order parts and provide preventive maintenance to avoid reduce service and warranty expenses.

However, the IoT also exposes organizations to new security vulnerabilities introduced by rapidly expanding network connections. And advanced attackers have demonstrated the ability to pivot to other systems once they have exposed a vulnerability.

Learn More

IoT Security

Thales HSMs provide the root of trust for connected devices to ensure only authorized devices – running approved code – can connect to, and participate in, organizational networks.

Hide Section

Risks Associated with the IoT

    • Devices or attackers impersonating a trusted device to conduct man-in-the-middle or other attacks.
    • Attacks on unsecured devices to expose protected content on the device or gain access to other connected systems.
    • Communications with devices that are compromised, incomplete, or lost.
    • The inability to ensure the privacy and integrity of data stored on, and transmitted to devices.
    • Unauthorized production runs at remote factories that result in counterfeit products, decreased revenues and damaged brand reputation.

Solutions: Thales HSMs Bring Trust to the IoT

To address these challenges, manufacturers of connected devices – such as customer-premises equipment, medical diagnostic devices, consumer electronics, among many others – rely on Thales hardware security modules (HSMs) to establish the root of trust required to create networks of trusted devices.

The recognized best practice for establishing device credentials starts by creating and protecting the underlying keys with an HSM. Using Thales HSMs and supporting security applications, manufacturers can establish strong device authentication by injecting a unique digital certificate into each unit before releasing it into the wild. With this unique ID in place, you can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, you can simply revoke its privileges.

PKI Supports the IoT
Establishing strong authentication is just one part of the puzzle. The IoT demands large scale management and protection of digital certificates and the underlying keys, all supported by a well-designed public key infrastructure (PKI). The accepted PKI best practice to secure your most sensitive keys and business processes is to use an HSM. Whether you work with one of our industry-leading PKI partners or tap into our Advanced Services Group’s knowledge and expertise, Thales HSMs will provide a high-assurance, independently-certified foundation for your PKI, regardless of complexity or scale.

Learn How Thales HSMs Are Bringing Trust to the IoT Today

Samsung required a solution that could provide cryptographic key generation, verification, signing and key management for its ARTIK IoT security framework. ARTIK modules are hardware components installed into partners’ IoT devices during the manufacturing process. ARTIK oversees the authorizations for programs allowed to run on these IoT devices. Samsung engaged with Thales to deliver critical security to its Samsung ARTIK platform and advance its vision of a secure IoT ecosystem.

Microsemi, a leading provider of semiconductor solutions, uses Thales HSMs in combination with custom firmware running on the nShield multi-purpose HSM to generate a unique authorization code for each of its SmartFusion2 or IGLOO2 devices. The authorization code can only be decrypted by the device for which it was generated. Within the HSM security boundary a device limit count is used to control the number of authorization codes generated and hence the number of systems built.

A manufacturer of medical diagnostic devices required the highest levels of security, as its portable units were to be deployed into remote areas to capture patient data, which would be stored on the device until it could be uploaded to a central server. The manufacturer chose Thales because we offer the strongest available security to ensure that sensitive health information stays protected, both on the device and in transit. Patient data is encrypted on the devices and in transit, and each device is manufactured with a unique, encrypted identity that is authenticated when a connection to the central server is attempted.

These are just a few examples of how Thales is delivering trust in the IoT era. Download our IoT solution brief or contact us today to discuss your unique IoT deployment strategies and requirements.


    • Reduce operational costs through secure control and monitoring of geographically-dispersed devices.
    • Defend against attacks by limiting access to protected systems and data to only authorized users and devices.
    • Ensure secure and authorized communications across the connected network.
    • Leverage the power and efficiency of elliptical curve cryptography, critical for many of today’s small connected devices.
    • Defend against unauthorized or inaccurate production runs that can impact revenues and brand reputation.
    • Secure the most sensitive keys and business processes in the organization in an independently-certified, tamper-resistant environment.
    • Validate that code updates are trusted and unaltered.
    • Protect revenue streams by limiting premium content to only authorized users and applications.